Bump the npm_and_yarn group across 1 directory with 17 updates #8

dependabot · 2026-01-10T00:10:25Z

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
ajv	`5.5.2`	`6.12.6`
async	`2.6.0`	`2.6.4`
braces	`1.8.5`	`3.0.3`
browserify-sign	`4.0.4`	`4.2.5`
chownr	`1.0.1`	`1.1.4`
cipher-base	`1.0.4`	`1.0.7`
html-parse-stringify2	`2.0.1`	`removed`
loader-utils	`1.1.0`	`1.4.2`
minimist	`0.0.8`	`1.2.8`
serialize-javascript	`1.4.0`	`6.0.2`
ua-parser-js	`0.7.17`	`0.7.41`
y18n	`3.2.1`	`3.2.2`
yargs-parser	`7.0.0`	`removed`

Updates ajv from 5.5.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@sambauers, #1143) Option keywords to add custom keywords (@franciscomorais, #1137) Types fixes (@boenrobot, @MattiAstedrone) Docs:

error logging example (@RadiationSickness)

TypeScript usage notes (@thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

dependencies option in to require the presence of keywords in the same schema.

... (truncated)

Commits

fe59143 6.12.6
d580d3e Merge pull request #1298 from ajv-validator/fix-url
fd36389 fix: regular expression for "url" format
490e34c docs: link to v7-beta branch
9cd93a1 docs: note about v7 in readme
877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
f1c8e45 6.12.5
764035e Merge branch 'ChALkeR-chalker/fix-comma'
3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
Additional commits viewable in compare view

Updates async from 2.6.0 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

Fix potential prototype pollution exploit (#1828)

v2.6.3

Updated lodash to squelch a security warning (#1675)

v2.6.2

Updated lodash to squelch a security warning (#1620)

v2.6.1

Updated lodash to prevent npm audit warnings. (#1532, #1533)

Made async-es more optimized for webpack users (#1517)

Fixed a stack overflow with large collections and a synchronous iterator (#1514)

Various small fixes/chores (#1505, #1511, #1527, #1530)

Commits

c6bdaca Version 2.6.4
8870da9 Update built files
4df6754 update changelog
8f7f903 Fix prototype pollution vulnerability (#1828)
f1d8383 Version 2.6.3
2b674c1 update changelog
eab740f fix: udpate lodash. closes #1675
eaf32be Version 2.6.2
684b42e Update built files
e1bd3da update changelog
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates braces from 1.8.5 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

The undocumented .makeRe method was removed

Require Node.js >= 8.3

Non-breaking changes

Caching was removed

[2.3.2] - 2018-04-08

start refactoring

... (truncated)

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates browserify-sign from 4.0.4 to 4.2.5

Changelog

Sourced from browserify-sign's changelog.

v4.2.5 - 2025-09-24

Commits

[Tests] clean up tests and convert console info skips to tape skips 37b083c

[Fix] restore node 0.10 support faade86

[Deps] update parse-asn1 5a0f159

[actions] drop unsupported nodes from CI 106be97

v4.2.4 - 2025-09-22

Commits

[actions] split out node 10-20, and 20+ 17920d9

[meta] remove files field 6d5b280

[Deps] update bn.js, browserify-rsa, elliptic 31be0c2

[Dev Deps] update @ljharb/eslint-config, auto-changelog, semver, tape 5f66982

[Tests] replace aud with npm audit d44b24d

[Dev Deps] add missing peer dep ab975f4

[Deps] revert 9e2bf12, now that v3.1.1 is out 428cf7f

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

... (truncated)

Commits

d3a7458 v4.2.5
37b083c [Tests] clean up tests and convert console info skips to tape skips
faade86 [Fix] restore node 0.10 support
5a0f159 [Deps] update parse-asn1
106be97 [actions] drop unsupported nodes from CI
9c37172 v4.2.4
6d5b280 [meta] remove files field
17920d9 [actions] split out node 10-20, and 20+
31be0c2 [Deps] update bn.js, browserify-rsa, elliptic
ab975f4 [Dev Deps] add missing peer dep
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates chownr from 1.0.1 to 1.1.4

Commits

814f642 1.1.4
a0d7ae0 push to github before npm
1a3667a ignore stuff
147eac4 Full tests, handle errors properly in many cases
578fb9f update tap, fix rimraf version
5bbda8c feat: ignore ENOENT errors during chown
deaa058 1.1.3
190e311 Don't early-capture the fs.lchownSync method
df2826a push to git with 1 command, not 2
cf3b27b 1.1.2
Additional commits viewable in compare view

Updates cipher-base from 1.0.4 to 1.0.7

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

[Refactor] use to-buffer fd1e5ee

[Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

[Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

[Tests] standard -> eslint, make test dir, etc ae02fd6

[Tests] migrate from travis to GHA 66387d7

[meta] fix package.json indentation 5c02918

[Fix] return valid values on multi-byte-wide TypedArray input 8fd1364

[meta] add auto-changelog 88dc806

[meta] add npmignore and safe-publish-latest 7a137d7

Only apps should have lockfiles 42528f2

[Deps] update inherits, safe-buffer 0e7a2d9

[meta] add missing engines.node f2dc13e

Commits

0056718 v1.0.7
fd1e5ee [Refactor] use to-buffer
08ba803 [Dev Deps] update @ljharb/eslint-config
f5249f9 v1.0.6
b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
f03cebf v1.0.5
88dc806 [meta] add auto-changelog
7a137d7 [meta] add npmignore and safe-publish-latest
5c02918 [meta] fix package.json indentation
8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Updates elliptic from 6.4.0 to 6.6.1

Commits

9b77436 6.6.1
04cb6f5 Merge commit from fork
b8a7edd 6.6.0
34c8534 fix: signature verification due to leading zeros
3e46a48 6.5.7
accb61e lib: DER signature decoding correction
03e06e1 6.5.6
7ac5360 Merge commit from fork
7570078 6.5.5
206da2e lib: lint
Additional commits viewable in compare view

Removes html-parse-stringify2

Updates loader-utils from 1.1.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

support the [query] template for the interpolatedName method (#162) (469eeba)

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

1.4.0 (2020-02-19)

Features

the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

support the [query] template for the interpolatedName method (#162) (469eeba)

1.2.3 (2018-12-27)

Bug Fixes

interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Commits

331ad50 chore(release): 1.4.2
17cbf8f fix: ReDoS problem (#226)
8f082b3 chore(release): 1.4.1
4504e34 fix: security problem (#220)
d95b8b5 chore(release): 1.4.0
cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)
06d36cf chore(release): 1.3.0
469eeba feat: support the [query] template for the interpolatedName method (#162)
909c99d chore: funding.yml config and CI fix (#159)
b5b74f0 Set up CI with Azure Pipelines
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for loader-utils since your current version.

Updates lodash from 4.17.4 to 4.17.21

Commits

f299b52 Bump to v4.17.21
c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
3469357 Prevent command injection through _.template's variable option
ded9bc6 Bump to v4.17.20.
63150ef Documentation fixes.
00f0f62 test.js: Remove trailing comma.
846e434 Temporarily use a custom fork of lodash-cli.
5d046f3 Re-enable Travis tests on 4.17 branch.
aa816b3 Remove /npm-package.
d7fbc52 Bump to v4.17.19
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates minimist from 0.0.8 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates pbkdf2 from 3.0.14 to 3.1.5

Changelog

Sourced from pbkdf2's changelog.

v3.1.5 - 2025-09-23

Commits

[Fix] only allow finite iterations 67bd94d

[Fix] restore node 0.10 support 8f59d96

[Fix] check parameters before the "no Promise" bailout d2dc5f0

v3.1.4 - 2025-09-22

Commits

[Deps] update create-hash, ripemd160, sha.js, to-buffer 8dbf49b

[meta] update repo URLs d15bc35

[Dev Deps] update @ljharb/eslint-config aaf870b

v3.1.3 - 2025-06-20

Commits

Only apps should have lockfiles 8b06730

[lint] fix whitespace 9a76e2f

[lint] fix parens/curlies/semis/etc 6fd84bf

[meta] add auto-changelog 796c38d

[Tests] fix tests in node 17 3661fb0

Revert "[Tests] fix tests in node < 3" 7431b57

[Tests] fix tests in node < 3 eb9f97a

[Fix] ensure unknown algorithms throw + known ones match node 26d4fd3

[Tests] add GHA, always run nyc 513906a

[lint] fix a few more rules ab04da8

[lint] switch to eslint 89694cf

[Tests] add coverage d0d534b

[Refactor] use to-buffer e3102a8

[readme] improve badges fca0c9d

[Tests] remove unused travis file a2c7d93

[meta] switch from files to npmignore 7f31fbc

[Tests] use .nycrc 8d628e8

[Refactor] minor tweaks fc61005

[Deps] update create-hmac, safe-buffer, sha.js ae2a7d0

[Fix] pin create-hash, ripemd160 due to breaking changes e079968

[Tests] fix tests in node 3 45fbcf3

[meta] skip publishing benchmarks 19ea57b

[Dev Deps] add missing peer dep 645e252

v3.1.2 - 2021-04-09

Commits

handle nextTick 36457b9

Check for process before accessing 449e510

... (truncated)

Commits

3687905 v3.1.5
67bd94d [Fix] only allow finite iterations
8f59d96 [Fix] restore node 0.10 support
d2dc5f0 [Fix] check parameters before the "no Promise" bailout
b2ad615 v3.1.4
8dbf49b [Deps] update create-hash, ripemd160, sha.js, to-buffer
aaf870b [Dev Deps] update @ljharb/eslint-config
d15bc35 [meta] update repo URLs
3e40827 v3.1.3
e3102a8 [Refactor] use to-buffer
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for pbkdf2 since your current version.

Updates serialize-javascript from 1.4.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

fix: serialize URL string contents to prevent XSS (#173) f27d65d

Bump @babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0

docs: update readme with URL support (#146) 0d88527

chore: update node version and lock file e2a3a91

fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

Bump mocha from 9.0.1 to 9.0.2 by @dependabot in yahoo/serialize-javascript#126

Bump mocha from 9.0.2 to 9.0.3 by @dependabot in yahoo/serialize-javascript#127

Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in yahoo/serialize-javascript#129

Bump mocha from 9.0.3 to 9.1.0 by @dependabot in yahoo/serialize-javascript#130

Bump mocha from 9.1.0 to 9.1.1 by @dependabot in yahoo/serialize-javascript#131

Bump mocha from 9.1.1 to 9.1.2 by @dependabot in yahoo/serialize-javascript#132

Bump mocha from 9.1.2 to 9.1.3 by @dependabot in yahoo/serialize-javascript#133

Bump mocha from 9.1.3 to 9.1.4 by @dependabot in yahoo/serialize-javascript#137

Bump mocha from 9.1.4 to 9.2.0 by @dependabot in yahoo/serialize-javascript#138

Bump chai from 4.3.4 to 4.3.6 by @dependabot in yahoo/serialize-javascript#140

Bump ansi-regex from 5.0.0 to 5.0.1 by @dependabot in yahoo/serialize-javascript#141

Bump mocha from 9.2.0 to 9.2.2 by @dependabot in yahoo/serialize-javascript#143

Bump minimist from 1.2.5 to 1.2.6 by @dependabot in yahoo/serialize-javascript#144

Bump mocha from 9.2.2 to 10.0.0 by @dependabot in yahoo/serialize-javascript#145

Bump mocha from 10.0.0 to 10.1.0 by @dependabot in yahoo/serialize-javascript#149

Bump chai from 4.3.6 to 4.3.7 by @dependabot in yahoo/serialize-javascript#150

ci: test.yml - actions bump by @piwysocki in yahoo/serialize-javascript#151

Bump minimatch from 3.0.4 to 3.1.2 by @dependabot in yahoo/serialize-javascript#152

Bump mocha from 10.1.0 to 10.2.0 by @dependabot in yahoo/serialize-javascript#153

Bump json5 from 2.1.3 to 2.2.3 by @dependabot in yahoo/serialize-javascript#155

Fix serialization issue for 0n. by @momocow in yahoo/serialize-javascript#156

Release v6.0.1 by @okuryu in yahoo/serialize-javascript#157

New Contributors

@piwysocki made their first contribution in yahoo/serialize-javascript#151

@momocow made their first contribution in yahoo/serialize-javascript#156

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

v6.0.0
...
Description has been truncated

Bumps the npm_and_yarn group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `5.5.2` | `6.12.6` | | [async](https://github.com/caolan/async) | `2.6.0` | `2.6.4` | | [braces](https://github.com/micromatch/braces) | `1.8.5` | `3.0.3` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.5` | | [chownr](https://github.com/isaacs/chownr) | `1.0.1` | `1.1.4` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [html-parse-stringify2](https://github.com/rayd/html-parse-stringify2) | `2.0.1` | `removed` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.1.0` | `1.4.2` | | [minimist](https://github.com/minimistjs/minimist) | `0.0.8` | `1.2.8` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `1.4.0` | `6.0.2` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `0.7.17` | `0.7.41` | | [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` | | [yargs-parser](https://github.com/yargs/yargs-parser) | `7.0.0` | `removed` | Updates `ajv` from 5.5.2 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v5.5.2...v6.12.6) Updates `async` from 2.6.0 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.0...v2.6.4) Updates `braces` from 1.8.5 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@1.8.5...3.0.3) Updates `browserify-sign` from 4.0.4 to 4.2.5 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.5) Updates `chownr` from 1.0.1 to 1.1.4 - [Commits](isaacs/chownr@v1.0.1...v1.1.4) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `elliptic` from 6.4.0 to 6.6.1 - [Commits](indutny/elliptic@v6.4.0...v6.6.1) Removes `html-parse-stringify2` Updates `loader-utils` from 1.1.0 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.1.0...v1.4.2) Updates `lodash` from 4.17.4 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.4...4.17.21) Updates `minimist` from 0.0.8 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v0.0.8...v1.2.8) Updates `pbkdf2` from 3.0.14 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.14...v3.1.5) Updates `serialize-javascript` from 1.4.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v1.4.0...v6.0.2) Updates `sha.js` from 2.4.9 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.9...v2.4.12) Updates `ua-parser-js` from 0.7.17 to 0.7.41 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md) - [Commits](faisalman/ua-parser-js@0.7.17...0.7.41) Updates `y18n` from 3.2.1 to 3.2.2 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Removes `yargs-parser` --- updated-dependencies: - dependency-name: ajv dependency-version: 6.12.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-version: 2.6.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-version: 4.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: chownr dependency-version: 1.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-version: 6.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: html-parse-stringify2 dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-version: 1.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.21 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ua-parser-js dependency-version: 0.7.41 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: y18n dependency-version: 3.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yargs-parser dependency-version: dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 10, 2026

This was referenced Jan 10, 2026

Bump loader-utils from 1.1.0 to 1.4.2 #3

Closed

Bump lodash from 4.17.4 to 4.17.21 #5

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 17 updates #8

Bump the npm_and_yarn group across 1 directory with 17 updates #8

Uh oh!

dependabot bot commented on behalf of github Jan 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the npm_and_yarn group across 1 directory with 17 updates #8

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 17 updates #8

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 10, 2026

v6.12.6

v6.12.5

v6.12.4

v6.12.3

v6.12.2

v6.12.1

v6.12.0

v6.11.0

v6.10.2

v6.10.1

v6.10.0

v6.9.0

v2.6.4

v2.6.3

v2.6.2

v2.6.1

Release history

[3.0.0] - 2018-04-08

[2.3.2] - 2018-04-08

v4.2.5 - 2025-09-24

Commits

v4.2.4 - 2025-09-22

Commits

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

v1.0.7 - 2025-09-24

Commits

v1.0.6 - 2024-11-26

Commits

v1.0.5 - 2024-11-17

Commits

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

v1.4.0

1.4.0 (2020-02-19)

Features

v1.3.0

1.3.0 (2020-02-19)

Features

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

1.4.2 (2022-11-11)

Bug Fixes

1.4.1 (2022-11-07)

Bug Fixes

1.4.0 (2020-02-19)

Features

1.3.0 (2020-02-19)

Features

1.2.3 (2018-12-27)

Bug Fixes

1.2.2 (2018-12-27)

Bug Fixes

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

v1.2.7 - 2022-10-10

Commits

v3.1.5 - 2025-09-23

Commits

v3.1.4 - 2025-09-22

Commits